[lug] RH 7.x word of caution

Thu Jun 7 13:33:58 MDT 2001

The menu appears in an odd place - right after TCP syncookie support.
Maybe you are not looking there? Every 2.4.x kernel released so far has
had this menu, so its not a redhat patch.
-D

-------------------
David Trowbridge
jupiter at flatirons.org
http://jupiter.babylonia.flatirons.org

"Base 8 is just like base 10 really...if you're missing two fingers"
	-Tom Lehrer

On Thu, 7 Jun 2001, D. Stimits wrote:

> David Trowbridge wrote:
> >
> > Here's what you need to do in menuconfig:
> > Select network packet filtering. A submenu called 'Netfilter
> > configuration' or something similar will appear. Within that menu,
> > ipchains compatibility is only available if both connection tracking and
> > iptables are modular/disabled. Any configuration where either of those are
> > compiled in will not have the options to build the ipchains module.
>
> No such menu appears. Under "Network packet filtering", activation only
> creates "Network packet filtering debugging". Nor is there any option
> related to connection tracking or iptables as a submenu of that menu,
> with or without select of Network packet filter. My source must be
> screwy. What source version is this? 2.4.5? I'm trying that and 2.4.6
> pre1. If it is the stock redhat source, it probably means a patch was
> required.
>
> D. Stimits, stimits at idcomm.com
>
> >
> > -David
> >
> > -------------------
> > David Trowbridge
> > jupiter at flatirons.org
> > http://jupiter.babylonia.flatirons.org
> >
> > "Base 8 is just like base 10 really...if you're missing two fingers"
> >         -Tom Lehrer
> >
> > On Thu, 7 Jun 2001, D. Stimits wrote:
> >
> > > kevin at scrye.com wrote:
> > > >
> > > > >>>>> "DStimits" == D Stimits <stimits at idcomm.com> writes:
> > > ...
> > > >
> > > > Yes, it is part of the standard kernel. It's:
> > > >
> > > > CONFIG_IP_NF_COMPAT_IPCHAINS
> > > > ipchains (2.2-style) support
> > > > CONFIG_IP_NF_COMPAT_IPCHAINS
> > > >   This option places ipchains (with masquerading and redirection
> > > >   support) back into the kernel, using the new netfilter
> > > >   infrastructure.  It is not recommended for new installations (see
> > > >   `Packet filtering').  With this enabled, you should be able to use
> > > >   the ipchains tool exactly as in 2.2 kernels.
> > > >
> > > >   If you want to compile it as a module, say M here and read
> > > >   Documentation/modules.txt.  If unsure, say `N'.
> > > >
> > > > If you built iptables or ipfwadm into the kernel, you won't see this
> > > > one. You can only have one at a time. You can build them all as
> > > > modules tho...when you load the ipchains module, everything will work
> > > > like you are on a 2.2.x kernel with ipchains.
> > > ...
> > >
> > > I have verified that this is definitely available in the
> > > Documentation/Configure.help, but I am trying without luck to find how
> > > to activate this in make menuconfig. I understand what you are saying
> > > about activation of ipchains other items causing this one to disappear,
> > > but I have been swimming around this for quite some time (in make
> > > menuconfig interface) and cannot find an item that actually matches
> > > this. I am assuming the following...
> > > Start in make menuconfig;
> > > Go to "Networking options";
> > > Somewhere in here...?
> > >
> > > At this point I see:
> > > <*> Packet socket
> > > [ ]   Packet socket: mmapped IO
> > > [ ] Kernel/User netlink socket
> > > [ ] Network packet filtering (replaces ipchains)
> > > [ ] Socket Filtering
> > > <*> Unix domain sockets
> > > [*] TCP/IP networking
> > > [*]   IP: multicasting
> > > [ ]   IP: advanced router
> > > [ ]   IP: kernel level autoconfiguration
> > > < >   IP: tunneling
> > > < >   IP: GRE tunnels over IP
> > > [ ]   IP: multicast routing
> > > [ ]   IP: TCP Explicit Congestion Notification support
> > > [ ]   IP: TCP syncookie support (disabled per default)
> > > ---
> > > < > The IPX protocol
> > > < > Appletalk protocol support
> > > < > DECnet Support
> > > < > 802.1d Ethernet Bridging
> > > QoS and/or fair queueing  --->
> > >
> > >
> > > Most interesting is the "Network packet filtering (replaces ipchains)".
> > > I've tried with and without this, and all kinds of other possible
> > > iptables or ipchains related items, with no success at finding the
> > > actual item for CONFIG_IP_NF_COMPAT_IPCHAINS (checking help on each). I
> > > do have it set to prompt for incomplete or devel, so that is not the
> > > problem. I must be overlooking something terribly simple, staring right
> > > at me. Under the assumption that it is set to prompt for devel or
> > > incomplete packages, is the submenu "Networking options" not the place
> > > to set this? Did you manually edit your .config and add this in? I keep
> > > thinking all I need to do is bang my head on the wall a little
> > > harder....
> > >
> > > D. Stimits, stimits at idcomm.com
> > > _______________________________________________
> > > Web Page:  http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > >
> >
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>